Author Topic: How to remove a browser hijacker or redirect virus  (Read 19701 times)

0 Members and 1 Guest are viewing this topic.

Offline anouk.lejeune.photography

  • Newbie
  • *
  • Posts: 8
How to remove a browser hijacker or redirect virus
« on: July 29, 2014, 01:50:44 PM »
Hello,

Quite often when I look for a page I get directed to advertising pages and when I want to press a link, i'm not getting to the link, but to an advertising page. It started in Firefox and Google chrome, but is now also in safari. It is for example impossible to go through  link for my own dashboard on wordpress. I need to type the link in the searchmachine. And searching goes very slow, although my internet goes fast. I did a full scan with the free avast virus scan. I removed 6 viruses, but he also reported that he was unable to scan 258 files. It makes me worried. I have an Imac running on OS X maverickx. I have to say I recently DOWNLOADED google chrome and adobe flashplayer. But he alraidy started to act crazy with firefox.

What is the best program to get rid of this hijacker? Can the avast program do this? Stopzilla? Spyhunter? Or another program? Preferably a FREE one.

Thank you in advance!

Regards,

Anouk

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: How to remove a browser hijacker or redirect virus
« Reply #1 on: July 30, 2014, 07:52:07 AM »
Please post your problem in the Virus and Worms section of the forum: https://forum.avast.com/index.php?topic=53253.0, however let them know that you have a mac.  You can't for example give them an MBAM log because MBAM doesn't make a version for macs.

Once you open a thread up in that section of the forum, I will notify one of the malware removal specialists to assist you.  In the meantime, so no sync your machine to any device, take it off the iCloud, do not use any USB devices, if it is on a network then disconnect it from the network.

Thank you.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 67935
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: How to remove a browser hijacker or redirect virus
« Reply #2 on: July 30, 2014, 07:55:00 AM »
SafeSurf, we sent him/her here, as the experts only have tools for Windows.
Win 8.1 [x64] - Avast PremSec 20.10.2440.Beta#3 [UI.580] - CC 5.74 - EEK - FF ESR 78.5 [NS/AOS/uBO/PB] - TB 78.5 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: How to remove a browser hijacker or redirect virus
« Reply #3 on: July 30, 2014, 08:17:12 AM »
@ Asyn,

I already PM'd Essexboy about the OP's situation.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 67935
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: How to remove a browser hijacker or redirect virus
« Reply #4 on: July 30, 2014, 08:20:28 AM »
Don't think he can help with a Mac, but let's see.
Win 8.1 [x64] - Avast PremSec 20.10.2440.Beta#3 [UI.580] - CC 5.74 - EEK - FF ESR 78.5 [NS/AOS/uBO/PB] - TB 78.5 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline anouk.lejeune.photography

  • Newbie
  • *
  • Posts: 8
Re: How to remove a browser hijacker or redirect virus
« Reply #5 on: July 30, 2014, 11:37:06 AM »
Ok Thanks! Grtz Anouk

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: How to remove a browser hijacker or redirect virus
« Reply #6 on: July 30, 2014, 11:46:22 PM »
@anouk.lejeune.photography,

The regular malware removal specialists are not as familiar with Macs, but I'm going to try and find someone that can assist.  Hang in there.  In the meantime, turn off your iCloud from this machine, do not sync it with other devices, Turn off Time Machine (if you use it) and backing it up to an external HD (if you do), and do not use a USB stick with this machine.

Can you tell me what is happening in Firefox (FF) that is acting strangely?  What else besides being redirected is strange with your machine?  Can you correlate all this happening with something you did with your machine, like installing a new version of Flash or downloading something or going to a site on the web?

Is your machine up to date with the software patches including iTunes and the AppStore?  What version do you have (click on the apple in the upper left corner > About this Mac)?

Have you contacted Apple regarding this problem yet?

Edit:  I have asked the Avast Moderators familiar with Macs to assist.
« Last Edit: July 30, 2014, 11:50:28 PM by SafeSurf »
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: How to remove a browser hijacker or redirect virus
« Reply #7 on: August 01, 2014, 12:36:45 AM »
Since none of the Avast Moderators have responded and I know it is important to remove the malware from your machine, you have several choices:

1. Try going to the Geekstogo.com site: http://www.geekstogo.com/forum/ - go to the Mac forum, register for assistance for malware removal from a malware removal specialist (not a lay person)

2. Contact first, then bring your machine into an Apple retail store for diagnostic testing and malware removal.  They will keep your machine for at least 2 days for testing, and most likely if you do have malware on it have to scrub the HD.  If this happens, you will lose everything on the machine and it will be restored to it's original factory condition.  You can reinstall apps you purchased and update everything afterwards.

Unfortunately, most of the malware removal experts have been trained in Windows because Apple has felt that they were immune to malware.  Times are changing and malware is spreading to Macs more and more, as you well know, and it will only get worse.  I would suggest if you have not already done, to put security add-on's in your browser(s) - see my Signature as an example, and use Private sessions.  Be careful where you surf on the web and always use an AV (preferably a resident).

If you have not turned on your Mac's internal firewall in Stealth mode, do it.  You will most likely have to enter your Apple ID to do this, but it may help.  In addition, if you use a router, make sure it is a secured router.

Likewise, if you use flash on this machine, make sure you have the updated version once your machine is malware-free.  Download the new version of flash on your machine but don't install it yet.  You will want to make sure you remove previous versions of flash with the flash uninstaller (download it from the adobe site and put it on your desktop), then reboot.  Next install the new verson of flash for Safari and other browsers while off-line, and select the prompt to remind you when a new update is available (do not select automatic update), then reboot.  Go to Apps. to verify what version you have installed.  If you have any old versions there, delete them.

An app. to get rid of remnants of apps is AppCleaner (3rd party) - don't use this until your machine is malware-free.  You can go on their web site to learn more about it and it's free.  Basically instead of dragging an app to the trash bin, you drag it over the AppCleaner app on your desktop and it gets rid of EVERYTHING related to the app.  It is much more effective than Apple's trash bin.

I wish I could be of more help.  Let me know if you have any other questions.  Thank you.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: How to remove a browser hijacker or redirect virus
« Reply #8 on: August 01, 2014, 08:56:18 AM »
Since none of the Avast Moderators have responded and ...

Please note, that this is not the right forum for discussing malware analysis (and thus also to ask
the moderators of this forum for help in this case). The right place is the "viruses and worms"
forum, where the viruslab guys can help you.

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: How to remove a browser hijacker or redirect virus
« Reply #9 on: August 01, 2014, 10:04:29 AM »
@ tumic,

Please post your problem in the Virus and Worms section of the forum: https://forum.avast.com/index.php?topic=53253.0, however let them know that you have a mac.  You can't for example give them an MBAM log because MBAM doesn't make a version for macs.

As you can see, I did instruct the OP to the correct section of the forum and consulted with the malware removal specialists, who were not able to assist.  I was therefore instructed to ask the Moderators who run the Mac forum, which you happen to be one of them.  IF you can assist this OP, that would be wonderful.  Otherwise, I have given him instructions to follow.  Thank you.  :)
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: How to remove a browser hijacker or redirect virus
« Reply #10 on: August 07, 2014, 07:23:58 PM »
Hello,

Quite often when I look for a page I get directed to advertising pages and when I want to press a link, i'm not getting to the link, but to an advertising page. It started in Firefox and Google chrome, but is now also in safari. It is for example impossible to go through  link for my own dashboard on wordpress. I need to type the link in the searchmachine. And searching goes very slow, although my internet goes fast. I did a full scan with the free avast virus scan. I removed 6 viruses, but he also reported that he was unable to scan 258 files. It makes me worried. I have an Imac running on OS X maverickx. I have to say I recently DOWNLOADED google chrome and adobe flashplayer. But he alraidy started to act crazy with firefox.

What is the best program to get rid of this hijacker? Can the avast program do this? Stopzilla? Spyhunter? Or another program? Preferably a FREE one.

Thank you in advance!

Regards,

Anouk

I don't think you have an 'active' infection, seems to be something more passive.

I think it's more likely that the malware tried to do one of the following: Changed browser startup page, Install browser extensions, change DNS and or Proxy settings, tampered with the HOSTS file.

1. Check browser's startup page.

2. It may be a spyware extension in your browser(s), try to disable all of them or start the browser in safe mode. If the problem goes away enable one by one to find the offending extension.

3. Some program might have changed your DNS or Proxy settings for your network connections, reset them, or try to use OpenDNS or Google DNS.

4. Your HOSTS file might have been tampered with ( http://www.tekrevue.com/tip/edit-hosts-file-mac-os-x/ ).

If you need further assistance please reply.

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: How to remove a browser hijacker or redirect virus
« Reply #11 on: August 08, 2014, 01:03:32 AM »
Thank you specimen9999 for your input.  :)  But I think the OP has moved on.  I haven't heard from him in a while.  I appreciate you assisting.  Thank you again.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.